Experts have called the launch of the Safer Cyberspace Masterplan 2020 “timely” and “important” to help secure Singapore’s cyberspace.
Launched by Deputy Prime Minister Heng Swee Keat, the Masterplan is designed to raise the general level of cybersecurity for individuals, communities, enterprises, and organisations here.
See: Safer Cyberspace Masterplan 2020 launched, aims to protect cyber infrastructure, activities and population
Benjamin Ang, Deputy Head of the Cyber and Homeland Defence Programme at the Centre of Excellence for National Security (CENS), said that the Masterplan has come at a time when everyone is using digital devices the most: during a pandemic, where people work, study and transact online in ever increasing numbers.
The higher level of usage also means a more target-rich environment for cyber criminals. Cybersecurity firm Ensign InfoSecurity, for one, had observed Covid-19-themed phishing attacks starting in March this year, when many people had started working from home.
By April, the frequency of attacks surged by more than 100 times, as threat actors capitalise on the Covid-19 situation to advance their interests.
Compared to the same period in 2019, there was a clear overall spike in phishing attacks across all sectors in Singapore, with Covid-19 themed attacks accounting for most of the increase.
Separately, Ensign InfoSecurity also recently conducted a phishing exercise to test the security measures for one of its clients, by taking advantage of the Covid-19 situation and sending emails masquerading as the CEO.
The Ensign Threat Insights Report found their phishing emails lured participating employees under the pretext of providing health packages with free masks and hand sanitizers.
The result was that more than 35% of the people in the organisation clicked the link, and provided their personal information. This level was 10% higher than the average result of past exercises.
As such, Tammie Tham, CEO of Ensign InfoSecurity calls the Masterplan “a step in the right direction”. “It recognizes that cybersecurity has to go beyond just large enterprises and the government. The master plan considers the importance of citizens, as well as our SMEs in ensuring a more secure digital landscape overall,” she says.
Ang of CENS points that the sensitivity towards cybersecurity has to be promoted across the entire organisation. While cybersecurity is a collective responsibility, there has to be awareness at the individual level too. “This really comes down to our individual organizations, our individual selves as people, and our own individual responsibility for keeping ourselves safe,” he says.
Despite the rise in cyber attacks, most of the attacks are “not very sophisticated attacks. They're not very new and advanced attacks. They're the same old tricks that have fooled people for a long, long time,” says Ang.
To combat this, the masterplan aims to enhance awareness of Singaporeans of how to protect themselves in cyberspace, change attitudes towards cybersecurity and encourage the adoption of cybersecurity measures.
To this end, the Cyber Security Agency of Singapore (CSA) will continue to expand its outreach efforts through the GoSafeOnline Community Outreach Programme, and the government will develop resources and toolkits that are customised for enterprises, so that enterprise leaders can make good decisions on addressing cyber risks that they face.
The measures also will complement the voluntary Cybersecurity Labelling Scheme, which is designed to help consumers make more informed decisions on the level of security offered by smart devices.
CSA will initially roll out this scheme to devices like routers and smart home hubs, and Ang explains that the reason was because these are “conduits” into home networks and smart appliances. In addition, because “these items are mass produced, and the focus so far has been on efficiency and cost, rather than on security.”
“There is no business incentive for a manufacturer to add in more security which would increase the cost of the product, because the customer is not going to necessarily pay more for a more secure router or device,” he adds.
By rolling out these new schemes and requirements, businesses might feel the burden of added cost. The industry insiders ask for this issue to be seen instead from the perspective of giving consumers more confidence in the products and services that they use.
Tham said that suppliers’ abilities to secure themselves will bolster their clients’ confidence in the company, and by “spending adequately in cyber, this proves to the clients that these companies have done more than due diligence, and the client should consider doing business with them.”
Furthermore, having a certain level of cybersecurity capabilities might be a prerequisite before a business partner will come on board, added Tham. She also shared about a major banking conglomerate, which requires businesses that work with them to meet certain cybersecurity standards.
“I think the Masterplan lays out initiatives to improve this cybersecurity posture of companies. I think if the companies were to follow it, it definitely is going to position them very well for these changes,” says Tham.
